merging master into experiimental #351
Conversation
- Added ParentWeb4NFTId to IWeb3NFT interface and Web3NFT.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This PR is being reviewed by Cursor Bugbot
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
...ders/Storage/NextGenSoftware.OASIS.API.Providers.MongoOASIS/Repositories/SearchRepository.cs
Show resolved
Hide resolved
| } | ||
| return false; | ||
| #else | ||
| return false; |
There was a problem hiding this comment.
Python fallback code unreachable due to commented preprocessor directive
The #else preprocessor directive was changed to //#else (a comment) at multiple locations, breaking the conditional compilation structure. The reflection-based fallback code that dynamically loads Python.NET at runtime is now unreachable when PYTHONNET_AVAILABLE is not defined. When the symbol is not defined, only return false; executes (or nothing for the third location), completely skipping the fallback path that was intended to detect Python.NET at runtime. This silently breaks Python interop for users without compile-time Python.NET support.
Additional Locations (2)
| { | ||
| // Return the first omniverse found (should only be one) | ||
| result.Result = searchResult.Result.FirstOrDefault(); | ||
| result.Result = searchResult.Result.FirstOrDefault() as IOmiverse; |
There was a problem hiding this comment.
Silent null return when holon cast fails after search
The search pattern was changed from SearchHolonsForParentAsync<IOmiverse> to SearchHolonsForParentAsync<Holon> with a subsequent as IOmiverse cast. When the search succeeds but the as cast fails (returning null), the method returns without setting an error, leaving result.Result as null. Callers receive a success result with null data, which could cause null reference exceptions or silent failures downstream. The same pattern appears in GetOrCreateUserMultiverseAsync, GetMagicVerseAsync, and GetGrandSimulationAsync.
Additional Locations (2)
|
|
||
| return _EOSIO; | ||
| } | ||
| } |
There was a problem hiding this comment.
Race condition in lazy-initialized provider properties returns null
The newly uncommented provider properties (EOSIO, Ethereum, Telos, ActivityPub) use Task.Run to asynchronously initialize the backing field but immediately return the field value without awaiting completion. On first access, this returns null because the async registration hasn't finished yet. The fire-and-forget pattern means callers receive null and subsequent accesses may still race with the ongoing initialization.
Additional Locations (2)
- [
Native EndPoint/NextGenSoftware.OASIS.API.Native.Integrated.EndPoint/APIs/WEB4 OASIS API/OASISProviders.cs#L133-L153](https://github.com/NextGenSoftwareUK/OASIS/blob/c5bab2e5a1b116de1e7fc44002ce21042baa01d5/Native EndPoint/NextGenSoftware.OASIS.API.Native.Integrated.EndPoint/APIs/WEB4 OASIS API/OASISProviders.cs#L133-L153) - [
Native EndPoint/NextGenSoftware.OASIS.API.Native.Integrated.EndPoint/APIs/WEB4 OASIS API/OASISProviders.cs#L217-L237](https://github.com/NextGenSoftwareUK/OASIS/blob/c5bab2e5a1b116de1e7fc44002ce21042baa01d5/Native EndPoint/NextGenSoftware.OASIS.API.Native.Integrated.EndPoint/APIs/WEB4 OASIS API/OASISProviders.cs#L217-L237)
| var docstringMatch = System.Text.RegularExpressions.Regex.Match( | ||
| afterDef, | ||
| @"(?:"""""(.*?)"""""|'''(.*?)''')", | ||
| @"(?:""""""""""(.*?)""""""""""|'''(.*?)''')", |
There was a problem hiding this comment.
Python docstring regex matches wrong quote count
The regex pattern for extracting Python docstrings uses """""""""" (10 quote characters) in a C# verbatim string, which translates to 5 actual " characters in the pattern. However, Python docstrings use triple quotes ("""). The pattern will never match standard Python triple-double-quote docstrings, causing ExtractPythonDocstring to always return empty for """-style docstrings.
- Added more documentation. - Fixed many providers. - Added postman endpoints with examples for STAR API. - Updated the OASIS API postman json file with latest API changes and added additional examples. - Multiple bug fixes including in the new COSMIC API & STARNET Plugin System.
Added the rest of web3 nft support such as edit, search, list etc to STAR.CLI and can now also start and stop the WEB4 OASIS API Server and WEB5 STAR API Server within STAR CLI.
- Fixed many bugs in STARCLI - Misc UI/UX/Flow improvements in STAR CLI.
| // nearProvider.OnStorageProviderError += NEAROASIS_StorageProviderError; | ||
| // result.Result = nearProvider; | ||
| break; | ||
| } |
There was a problem hiding this comment.
Provider registration silently fails with null result
The NEAROASIS and MoralisOASIS switch cases have their implementations commented out but still exist in the switch statement. When either provider type is requested, the case executes and breaks without setting result.Result or result.IsError. The caller receives a result with IsError=false (success) but Result=null (no provider), causing a silent failure. This can lead to null reference exceptions downstream when code assumes a successful result contains a valid provider.
Additional Locations (1)
- [
OASIS Architecture/NextGenSoftware.OASIS.OASISBootLoader/OASISBootLoader.cs#L1163-L1174](https://github.com/NextGenSoftwareUK/OASIS/blob/9a2f5a66fe996bd74120ca84a06cce1f50c17d1e/OASIS Architecture/NextGenSoftware.OASIS.OASISBootLoader/OASISBootLoader.cs#L1163-L1174)
| /// <summary> | ||
| /// PHP libraries (alias) | ||
| /// </summary> | ||
| PHP, |
There was a problem hiding this comment.
Duplicate PHP enum values are not true aliases
The Php and PHP enum values are documented as aliases but in C# enums, separate values automatically receive different underlying integers. Comparing InteropProviderType.Php with InteropProviderType.PHP will return false since they're distinct values. For true aliasing, both values would need to be explicitly assigned the same integer value (e.g., PHP = Php).
- Fixed a bug in the STARNET Dependency system in AddDependencyAsync method in STARNETUIBase in STAR.CLI.Lib.
… MetaDataHelper in OASIS.API.Core. - Fixed bugs in MintNFTInternalAsync & FormatSuccessMessage in NFTManager in OASIS.API.ONODE.Core. - Fixed bugs in LightWizardAsync & CreateOAPPComponentsOnSTARNETAsync in OAPPs in STARNET.CLI.Lib.
| { | ||
| CLIEngine.ShowMessage($" {i}. {kv.Key} = {GetMetaValue(kv.Value)}"); | ||
| i++; | ||
| } |
There was a problem hiding this comment.
Filtered display causes wrong metadata entries to be edited
The ManageMetaData method displays metadata entries with numbered indices while filtering out hidden keys ("WEB5STARNFTId" and "{{{newnft}}}"). However, when the user selects an entry to edit or remove, the code uses metaData.Keys.ElementAt(index - 1) on the unfiltered dictionary. This mismatch causes users to edit/remove the wrong entry, or accidentally modify hidden internal keys. The index validation also uses unfiltered metaData.Count, allowing selection of indices that don't correspond to visible items.
Additional Locations (1)
- [
OASIS Architecture/NextGenSoftware.OASIS.API.Core/Helpers/MetaDataHelper.cs#L216-L218](https://github.com/NextGenSoftwareUK/OASIS/blob/82f1cf455044326383b402de13f34fd4ff8d3fb8/OASIS Architecture/NextGenSoftware.OASIS.API.Core/Helpers/MetaDataHelper.cs#L216-L218)
Added a new grant entry for OpenServ in the Grants & Case Studies section.
Removed '✅ COMPLETED' from section headers in README.
Removed detailed visual architecture diagrams and updated HyperDrive architecture section.
Added a link to the OASIS Torus architecture diagram.
Added an image tag for the OASIS Torus architecture diagram in the README.
| var chainIdHex = OASISDNA.OASIS.StorageProviders.AvalancheOASIS.ChainId ?? "0x0"; | ||
| var chainId = chainIdHex.StartsWith("0x") | ||
| ? BigInteger.Parse(chainIdHex.Substring(2), System.Globalization.NumberStyles.HexNumber) | ||
| : BigInteger.Parse(chainIdHex); |
There was a problem hiding this comment.
Empty ChainId string causes FormatException during provider initialization
The BigInteger.Parse calls for AvalancheOASIS and BaseOASIS will throw a FormatException if ChainId is configured as an empty string. The null-coalescing operator ?? only handles null, not empty strings. If a user sets ChainId = "" in configuration, BigInteger.Parse("") crashes the provider initialization. Similarly, a value of "0x" (hex prefix with no digits) would cause Substring(2) to return an empty string, also throwing. Missing validation for empty or malformed ChainId values before parsing.
Additional Locations (1)
- [
OASIS Architecture/NextGenSoftware.OASIS.OASISBootLoader/OASISBootLoader.cs#L1137-L1141](https://github.com/NextGenSoftwareUK/OASIS/blob/7a048ce77363955d09605b432e8179332e17a6ae/OASIS Architecture/NextGenSoftware.OASIS.OASISBootLoader/OASISBootLoader.cs#L1137-L1141)
Updated the OASIS Architecture image link in the README.
| using System; | ||
| using System.Threading; | ||
| using System.Threading.Tasks; | ||
| using NextGenSoftware.OASIS.API.Core.Helpers; |
There was a problem hiding this comment.
Factory method missing cases for new interop provider types
The CreateProvider switch expression only handles 9 of the 24 InteropProviderType enum values. The new enum values added in this commit (TypeScript, Ruby, Php, PHP, Lua, Perl, Kotlin, Scala, Groovy, Clojure, Dart, R, Julia, ShellScript, PowerShell) are not handled, causing NotSupportedException even though their corresponding provider classes exist and are registered in CreateDefaultManagerAsync. Calling CreateProvider(InteropProviderType.PHP) will fail despite PhpInteropProvider being available.
Additional Locations (1)
…Pair & GenerateKeyPairAsync in IOASISBlockchainStorageProvider interface. - Tidied up the managers in OASIS.API.Core (moved some of them to the root of managers). - Rewrote GenerateKeyPairWithWalletAddress & GenerateKeyPairWithWalletAddressAsync methods in KeyManager in OASIS.API.Core so they call GenerateKeyPair/GenerateKeyPairAsync methods on the providers/chains so they generate a keypair and wallet address that is vaid for that chain/provider. - Removed redundant methods from KeyManager (old GenerateKeyPair methods. - Updated all provider/chains to work with the above changes. - Added additional key to LightWizardAsync in OAPPs in STAR.CLI.Lib.
… OASIS.API.Core. - Fixed a bug in LoadInstalledAsync method in STARNETManagerBase in OASIS.API.ONODE.ONODE in STARNETManagerBase. - Updated ShowSubCommandAsync by adding new [web3] params to NFT sub-commands in STAR CLI. - Added create sub-command to wallet sub-commands in ShowWalletSubCommandAsync method in STAR CLI. - Added [web4] and [web5] args/params to ONODE start/stop sub-commands in ShowONODEConfigSubCommandAsync method in STAR CLI. - Removed start/stop sub-commands from ONET sub-command menu in ShowONETSubCommandAsync method in STAR CLI because this is done in the ONODE menu/sub-command. - Fixed a typeo in ShowCommands method in STAR CLI. - Added new [web3 arg/param to DisplaySTARNETHolonCommands method in STAR CLI.. - Fixed the paths in StartWeb4APIAsync & StartWeb5APIAsync methods in STAR CLI so it now finds the WEB4 OASIS API REST API HTTP Service & the WEB5 STAR API REST API HTTP Service. - Added DeleteAsync method in NFTs in STAR.CLI.Lib so it now optionally deletes the WEB5 NFT's child WEB4 NFT & it's child WEB3 NFT's. - Added overload to DeleteWeb4NFTAsync method in STAR.CLI.Lib so now has defaults for softDelete, deleteChildWeb3NFTs & burnChildWeb3NFTs params. - DeleteAsync method in STARNETUIBase now returns the deleted STARNETHolon in STAR.CLI..Lib. - Corrected typeos in ListStarHolons in STARNETUIBase in STAR.CLI.Lib. - Fixed layout issues in CreateWalletAsync method in Wallets in STAR.CLI.Lib.
…WalletsForAvatarByIdAsync in WalletManager in OASIS.API.Core. - Fixed bugs in KeysController in WEB4 OASIS API WebAPI. - Fixed bugs in NftController in WEB4 OASIS API WebAPI. - Bumped WEB4 OASIS API WebAPI to v4.4.4. - Fixed a bug in GenerateKeyPair in SolanaOASIS. - Fixed bugs in CreateWalletAsync in Wallets in STAR.CLI.Lib. - Fixed a bug in GetQuestsByStatus in QuestsController in WEB4 OASIS API WebAPI.
… commands and other areas. - Fixed a bug in IsBinary in MetaDataHelper in NextGenSoftware Lib. - Updated GetWalletFromWalletManagerAsync in WalletHelper in NextGenSoftware Lib. - Added Name & Description to IProviderWallet interface. - Fixed many bugs in WalletManager. - Fixed a bug in GetAllBlockchainProviders method in ProviderManager in OASIS.API.Core. - Fixed a bug in GenerateKeyPairWithWalletAddress in KeyManager in OASIS.API.Core. - Fixed a bug in LinkProviderWalletAddressToAvatar in KeyManager where secret words were not being encrypted correctly. - Updated all Blockchain providers so they now all register the ProviderCategories they belong to.
- Updated URI for CoinGecko API in CoinGekoExchangeRateService in OASIS.API.Core. - Fixed a bug in CreateBridgeOrderAsync in CrossChainBridgeManager so now FromAddress instead of UserId uses n OASIS.API.Core. - Added addiitional error checking/validation to ImportWalletUsingJSONFileByIdAsync, ImportWalletUsingJSONFileById, ImportWalletUsingJSONFileByEmailAsync, ImportWalletUsingJSONFileByEmail, ImportWalletUsingJSONFileByUsernameAsync & ImportWalletUsingJSONFileByUsername in WalletManager in OASIS.API.Core. - Added ImportAllWalletsUsingJSONFileById, ImportAllWalletsUsingJSONFileByIdAsync, ImportAllWalletsUsingJSONFileByUsername, ImportAllWalletsUsingJSONFileByUsernameAync, ImportAllWalletsUsingJSONFileByEmail & ImportAllWalletsUsingJSONFileByEmailAsync to WalletManager in OASIS.API.Core - Fixed a bug in FilterWallets in WalletManager in OASIS.API.Core. - Added import and export sub-commands to Wallet menu in STAR CLI. - Added ImportWalletUsingPrivateKey, ImportWalletUsingPublicKey, ImportWalletUsingJSONFileAsync, ImportAllWalletsUsingJSONFileAsync, ExportWalletAsync & ExportAllWalletsAsync to Wallets in STAR.CLI.Lib.
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
This PR is being reviewed by Cursor Bugbot
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| // Fetch rates from CoinGecko | ||
| string url = $"simple/price?ids={fromCoinId},{toCoinId}&vs_currencies=usd"; | ||
| //string url = $"simple/price?ids={fromCoinId},{toCoinId}&vs_currencies=usd"; | ||
| string url = $"https://api.coingecko.com/api/v3/simple/price?vs_currencies=usd&ids={fromCoinId},{toCoinId}&x_cg_demo_api_key=CG-zG3a2tbc6QybLVKcknucz1Hz"; |
There was a problem hiding this comment.
Hardcoded API key exposed in source code
High Severity
A CoinGecko API key (CG-zG3a2tbc6QybLVKcknucz1Hz) is hardcoded directly in the source code URL string. This exposes the credential in version control, making it accessible to anyone with repository access and potentially compromising the key. The class comment on line 12 states "no API key required" which contradicts the implementation. API keys belong in configuration files, environment variables, or a secrets management system.
| result.Result.ProviderWallets[provider.ProviderType.Value] = new List<IProviderWallet>(); | ||
|
|
||
| result.Result.ProviderWallets[provider.ProviderType.Value].Add(walletResult.Result); | ||
| } |
There was a problem hiding this comment.
Null reference when accessing error message after null check
Medium Severity
The condition !(saveWalletsResult != null && saveWalletsResult.Result != null && !saveWalletsResult.IsError) explicitly handles saveWalletsResult being null, but when it is null, the condition evaluates to true (entering the error block), and then saveWalletsResult.Message is accessed, throwing a NullReferenceException. The null check in the condition contradicts the assumption in the error handler that saveWalletsResult is non-null.
Note
Adds major docs and broad core updates with several interface changes and provider enablement.
OASIS_COMPREHENSIVE_SUMMARY_WITH_MEETING_NOTES.md,OASIS_TECHNOLOGY_SUMMARY_AND_USE_CASES.md,OASIS_ZOOM_MEETINGS_SUMMARY_AND_USE_CASES.md).OASISProviders.cs(ActivityPub,SEEDS,Telos,EOSIO,Ethereum) with lazy registration properties.ISearchParamsandHolonManagersearch methods to supportFilterByMetaDataandMetaKeyValuePairMatchMode.MetaDataHelpernow hidesWEB5STARNFTIdand{{{newnft}}}keys from display/strings and relaxes binary detection.ProviderWalletscollections, and suppresses CLI logging during username checks;IProviderWalletgainsAvatarId,Name,Description.IWeb3NFTaddsParentWeb4NFTId;IOASISBlockchainStorageProvider.GenerateKeyPair[Async]now no-arg (BREAKING).STARNETSubCategorytoISTARNETDNA.request.FromAddressin cross-chain transfers; updates CoinGecko URL to full endpoint with API key.Holon.Nodes; remove ONODE circular deps inKarmaManagerby commenting dependent region.BREAKING CHANGES:
IOASISBlockchainStorageProvider.GenerateKeyPair[Async]signature change;IProviderWalletfields added; search method signatures extended.Written by Cursor Bugbot for commit 37aa201. This will update automatically on new commits. Configure here.